Multi-Factor Authentication (MFA)
Secure your Avochato account by setting up MFA (also known as 2FA)
Overview
Multi-factor Authentication (MFA), also called Two-factor Authentication (2FA), is a security process that requires two steps to verify your identity. First, you enter your email and password, and then you'll be prompted to input a verification code. Avochato users can receive this code either via their verified phone number on file or through an authenticator app.
Click here to access your profile settings to enable MFA with a phone number or the authenticator app. You’ll need to be logged in to access the profile settings.
If your password is compromised, MFA adds an extra layer of protection by ensuring your Avochato account cannot be accessed unless the attacker also has access to your mobile phone.
Configure MFA
- Organization-wide (Recommended)
To enable MFA for your organization, contact Avochato Customer Support via text or email. Once enabled, all users in your organization will be required to have a valid phone number capable of receiving MFA codes, or use an authenticator app such as Google Authenticator, Authy by Twilio, or Microsoft Authenticator to generate codes.
- Individual
To enable MFA on your account, go to your Avochato profile and select the checkbox “Require MFA for your user across all accounts”. Remember to hit “Save” for the changes to apply.
Will I have to use my phone/authenticator app to sign in every time?
No. By default, Avochato will recognize your authenticated device with a session token. The session token is saved to the device used to sign in. However, MFA will always be required when signing in on a new device.
How do I know if my Avochato users have set up MFA?
Users with "Owner" permissions can access the Manage Organization section to verify each user’s MFA status.
To access the Manage Organization section, go to the profile icon at the top-right of the page and click “Manage Organization”. Under the “My Org” left side panel, go to the “Users” tab.
In the Users section, each user's details are displayed in columns. Scroll right to view the Invite Status section.
- Org 2FA Required: Entire Avochato organization requires 2FA to access
- User 2FA Required: User requires 2FA to access
- Phone Valid: User has validated a mobile phone for 2FA
- Authenticator Valid: User has set up MFA via an authenticator app
Generate a report with the status of all users by scrolling to the bottom of the Users page and clicking the “DOWNLOAD USERS .CSV” button.
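Once you have downloaded the report, a short script can list the users who still have gaps. The following is an added example, not Avochato's own code: it assumes the CSV headers match the column labels above plus an "Email" column, and that values are true/false style, so adjust the names to match your actual export.

```python
import csv
import io

# Assumption: the export uses the on-page column labels as CSV headers and
# true/false style values. Adjust these names to match your actual file.
EMAIL, ORG_REQ, USER_REQ = "Email", "Org 2FA Required", "User 2FA Required"
PHONE, APP = "Phone Valid", "Authenticator Valid"
TRUTHY = {"true", "t", "yes", "y", "1"}


def _flag(row, col):
    """Interpret a cell as a boolean; blank or unknown values count as False."""
    return (row.get(col) or "").strip().lower() in TRUTHY


def audit_users(csv_text):
    """Group user emails by the MFA gap found in a Users export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {EMAIL, ORG_REQ, USER_REQ, PHONE, APP} - set(reader.fieldnames or [])
    if missing:
        # Fail loudly rather than report every user as unprotected.
        raise ValueError(f"export lacks expected columns: {sorted(missing)}")
    findings = {"mfa_not_required": [], "no_valid_factor": [], "phone_only": []}
    for row in reader:
        email = (row[EMAIL] or "").strip()
        phone, app = _flag(row, PHONE), _flag(row, APP)
        if not (_flag(row, ORG_REQ) or _flag(row, USER_REQ)):
            findings["mfa_not_required"].append(email)
        if not (phone or app):
            findings["no_valid_factor"].append(email)
        elif not app:
            findings["phone_only"].append(email)
    return findings


# Constructed sample data, not a real export.
SAMPLE = """Email,Org 2FA Required,User 2FA Required,Phone Valid,Authenticator Valid
owner@example.com,true,true,true,true
agent1@example.com,false,true,true,false
agent2@example.com,false,false,false,false
agent3@example.com,false,false,true,false
"""

if __name__ == "__main__":
    for finding, emails in audit_users(SAMPLE).items():
        print(f"{finding}: {', '.join(emails) or 'none'}")
```

Users listed under `no_valid_factor` have neither a validated phone nor an authenticator app, so they are the first to follow up with before MFA is required organization-wide.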
Are there other methods of Authentication or SSO, e.g. Authenticator app?
Yes! Avochato offers SSO via Microsoft Entra ID / Azure and support for authenticator apps like Google Authenticator, Authy by Twilio and Microsoft Authenticator. Avochato will announce when other methods of MFA become available.
Sign-in Flow with MFA Enabled via SMS code sent to Phone Number on File
- Sign In - Use your email and password to Sign In to Avochato.
- Code Sent - After successfully entering your password, a unique verification code is sent to your mobile number via SMS.
- Enter Code - You receive the SMS on your phone, open the message, and enter the code into the website or app.
- Access Granted - Once you input the correct code, you're granted access to your account. By default, this device will save your session token for 90 days.
Sign-in Flow with MFA Enabled Using an Authenticator App
First, you will need an Authenticator app on your device. Avochato supports Google Authenticator, Authy, and Microsoft Authenticator. To learn more about setting up an authenticator app, click here.
- Sign In - Use your email and password to Sign In to Avochato.
- Code Generated - A code will be generated by your authenticator app (e.g., Google Authenticator).
- Enter Code - You will be asked to enter the code shown in your authenticator app. If you don’t have your authenticator app with you or have lost it, you will still have the option to get a code via SMS to your phone number by clicking “Try using phone 2FA”.
- Access Granted - Once you input the correct code, you're granted access to your account.
Troubleshooting
If you or your team member has an issue logging into Avochato, please first clear your browser cache and cookies and reattempt login before contacting Support.